package com.cc8w.filter;

import com.cc8w.entity.UserActivePojo;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

public class ShiroRememberMeFilter extends FormAuthenticationFilter {

    //过滤器访问,必须经过的方法,返回true表示通过
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception {

        //1.获得主体
        Subject subject = SecurityUtils.getSubject();
        //2.通过主体获得session信息
        Session session = subject.getSession();
        //记住我的功能isAuthenticated肯定为false 而isRemembered肯定为true (因为不用短时间不用认证)
        if(!subject.isAuthenticated() && subject.isRemembered() && session.getAttribute("user")==null){
            //说明是记住我的功能
            UserActivePojo activeUser= (UserActivePojo)subject.getPrincipal();
            if(null!=activeUser){
                session.setAttribute("user",activeUser.getUserPojo());
            }
        }


        return true;
    }


}
